582 matches found
Jan v0.4.12 'readFileSync' - Path Traversal
Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface. id: CVE-2024-36857 info: name: Jan v0.4.12 'readFileSync' - Path Traversal author: Yusuf Amr severity: high description: | Jan v0.4.12 was discovered to contain an arbitrary file rea...
Jan v0.4.12 - Arbitrary File Upload
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. id: CVE-2024-36858 info: name: Jan v0.4.12 - Arbitrary File Upload author: pussycat0x severity: critical description: | An arbitrar...
Agent Zero Cross-Site Scripting Vulnerability
Agent Zero is an artificial intelligence framework developed by Jan Tomášek. Versions of Agent Zero prior to 1.15 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of security headers when SVG files were provided through the imageget endpoint, which could le...
WordPress Creator LMS plugin <= 1.1.12 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Creator LMS versions <= 1.1.12...
EUVD-2025-205979
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in janhenckens Dashboard Beacon allows Stored XSS. This issue affects Dashboard Beacon: from n/a through 1.2.0...
Malicious code in jan-browser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6061d20158eb6f2952932cac8bd818201360f36f2a4fd989357c12400c58a49b The package jan-browser was found to contain malicious code. Source: ghsa-malware a3954e4e8e77c870bfc41cd61410400a2f7ba85ce1d56123f2e672f63543e6e1 An...
MAL-2025-190847 Malicious code in jan-browser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6061d20158eb6f2952932cac8bd818201360f36f2a4fd989357c12400c58a49b The package jan-browser was found to contain malicious code. Source: ghsa-malware a3954e4e8e77c870bfc41cd61410400a2f7ba85ce1d56123f2e672f63543e6e1 An...
EUVD-2025-198829
Malicious code in jan-browser npm...
MAL-2025-156811 Malicious code in iomodra-fuoa-jan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79a8d64fcbac8cbf3329d528bcafc376ae9ff39ae604c0f84a824f93e74c8f3b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
WordPress Booking Manager plugin <= 2.1.17 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Jan Barszcz in WordPress Plugin Booking Manager versions <= 2.1.17...
EUVD-2005-3278
Malware in sbrugna...
EUVD-2024-26148
Malicious code in bioql PyPI...
EUVD-2024-1976
Malicious code in bioql PyPI...
PT-2025-27109 · Unknown · Syed Tahir Ali Jan Bulk Youtube Post Creator
Name of the Vulnerable Software and Affected Versions: Syed Tahir Ali Jan Bulk YouTube Post Creator versions 1.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS attacks...
CVE-2025-29509
Jan v0.5.14 and before is vulnerable to remote code execution (RCE) when the user clicks on a rendered link in the conversation, due to opening external website in the app and the exposure of electronAPI, with a lack of filtering of URL when calling shell.openExternal...
PT-2025-20578
Name of the Vulnerable Software and Affected Versions: Jan versions 0.5.14 and earlier Description: The software is susceptible to remote code execution (RCE) when a user clicks on a link displayed within a conversation. This occurs because the application opens external websites and exposes the...
CVE-2025-29509
CVE-2025-29509 affects Jan v0.5.14 and earlier. An RCE is possible when a user clicks a rendered link in a conversation, due to the app opening external websites and an exposed electronAPI, with unfiltered URLs in shell.openExternal(). The CVSS v3.1 base score is 8.8 (HIGH) with network attack ve...
Jan Security Vulnerability
Jan is an open source replacement for ChatGPT by Jan Open Source. A security vulnerability exists in Jan 0.5.14 and earlier versions, which originates from a remote code execution that may be triggered when a user clicks on a link rendered in a session...